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DETAILED ACTION 

1. Claims 1-41 are pending. 

2. Amendment filed 10/10/2006 has been received and 
considered . 



Claim Rejections - 35 USC §112 

3. The filed amendment overcomes the rejections under the 
second paragraph of 35 USC 112. 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not 
identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the 
invention was made. 

4. Claims 1-5, 12-13, 17-22, 24, 26, and 34-40 are rejected 

under 35 U.S.C. 103(a) as being unpatentable over Vogelesang, 

U.S. Patent No. 5,953,424, in view of Menezes (Menezes, Alfred 

J. Handbook of Applied Cryptography. CRC Press. 1997. pages 



234-237) 
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As per claims 1, 20, 21, 22, 24, and 38-40, the applicant 
describes a cryptographic method with the following limitations 
which are met by Vogelesang in view of Menezes: 

a) generating, at a first entity, a first public key M B , the 
first public key M B being session specific (Vogelesang: Col 16, 
lines 33-35) ; 

b) receiving, at a first entity, a second public key M A , the 
second public key M A being session specific (Vogelesang: Col 16, 
lines 36-38 ) ; 

c) generating, at the first entity, a first session key K B 
and a first secret S B - the first session key K B being different 
from the first secret S B , both the first session key K B and the 
first secret S B being computed from the second public key M A 
(Vogelesang: Col 16, lines 39-67); 

• d) -encrypting, at the first entity, a first random nonce N B ' 
with the first session key K B or the first secret S B to obtain a 
first encrypted result (Vogelesang: Col 16, lines 43-67); 

e) encrypting, at the first entity, the first encrypted 
result with the other one of the first session key K B or the 
first secret S B to obtain an encrypted random nonce (Vogelesang: 
Col 16, lines 43-67; Menezes: pages 234-237); 

f) transmitting the encrypted random nonce from the first 
entity to the second entity (Vogelesang: Col 16, lines 64-67); 
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g) receiving a response to the encrypted random nonce 
(Vogelesang: Gol 17, lines 19-24); 

h) authenticating through determining whether the response 
includes a correct modification of the first random nonce N B 
(Vogelesang: Col 17, lines 28-30). 

Vogelesang teaches a cryptographic method which meets 
limitations of the above claim (except for part e) . 
Specifically with regards to part e) , Vogelesang teaches that a 
first random nonce may be encrypted at the first entity with a 
session key to obtain a first encrypted result (e.g. Col 16, 
lines 64-67) (part d) . Vogelesang also teaches a number of 
secrets that are generated using the second public key (e.g. T, 
Y D , and other values which qualify as a "secret" under MPEP 
2111) . However, Vogelesang does not appear to suggest that the 
first encrypted result may be double encrypted. 

Menezes teaches that encipherment of a message more than 
once "may increase security" (Menezes: page 234). Further, 
illustrates the process whereby a message may be encrypted once 
with a first key and a second time with another key (Menezes: 
page 234, part (a)). Combining the ideas of Menezes with 
Vogelesang facilitates a system in which a message may be 
encrypted once with a first key (e.g. session key) (part d) and 
a second time with another key (e.g. secret). It would have 
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been obvious to one of ordinary skill in the art at the time the 
invention was filed to combine the ideas of Menezes with those 
of Vogelesang because doing so may increase security. 

As per claim 2, the applicant describes the method of claim 
1, which is met by Vogelesang in view of Menezes, with the 
following limitations which are also met by Vogelesang: 

a) generating the first secret S B from at least a first 
password P B and the first public key M B (Vogelesang: Col 16, 
lines 39-67) . 

As per claims 3 and 4, the applicant describes the method 
of claim 1, which is met by Vogelesang in view of Menezes, with 
the following limitation which is also met by Vogelesang: 

Checking whether a received modification of the first 
random nonce N B equals a modification of the first random nonce 
N B applied by the first entity (Vogelesang: Col 17, lines 25-37). 

As per claim 5, the applicant describes the method of claim 
1, which is met by Vogelesang in view of Menezes, with the 
following limitation which is also met by Vogelesang: 

a) generating a first random number R B (Vogelesang: Col 16, 
lines 39-40) ; 
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b) computing the first session key K B from the second public 
key M A raised to the exponential power of the first random number 
R B , modulo a parameter B B (Vogelesang: Col 16, lines 39-42) . 

As per claims 12 and 13, the applicant describes the method 
of claim 1, which is met by Vogelesang in view of Menezes, with 
the following limitation which is also met by Vogelesang: 

Wherein the first random nonce is encrypted using a 
symmetrical encryption algorithm (Vogelesang: Col 16, lines 64-. 
67) . 

As per claims 17-19, the applicant describes the method of 
claim 1, which is met by Vogelesang in view of Menezes, with the 
following limitation which is also met by Vogelesang: 

a) extracting the second random nonce N A from the response 
(Vogelesang: Col 16, line 39 to Col 17, line 28); 

b) modifying the second random nonce N A to obtain a modified 
second random nonce (Vogelesang: Col 16, line 39 to Col 17, line 
28) ; 

c) encrypting the modified second random nonce using the 
first session key K B and the first secret S B to obtain an 
encrypted package (Vogelesang: Col 16, line 39 to Col 17, line 
28); 
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d) transmitting the encrypted package from the first entity 
(Vogelesang: Col 16, line 39 to Col 17, line 28) . 

As per claim 26, the applicant describes the method of 
claim 24, which is met by Vogelesang in view of Menezes, with 
the following limitations which are met by Vogelesang: 

a) generating a first random number R B (Vogelesang: Col 16, 
lines 39-40) ; 

b) computing the first session key K B from the second public 
key Ma raised to the exponential power of the first random number 
R B , modulo a parameter B B (Vogelesang: Col 16, lines 39-42) . 

As per claims 34-37, the applicant describes the method of 
claim 24, which is met by Vogelesang in view of Menezes, with 
the following limitation which is also met by Vogelesang: 

a) generating a first random number N B (Vogelesang: Col 16, 
line 33 to Col 17, line 27); 

b) encrypting a combination of the first random number N B 
and the modified second random number (Vogelesang: Col 16, line 
33 to Col 27, line 27) . 

5. Claims 6-9, 11, and 27-32 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Vogelesang in view of Menezes 
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in further view of Wu (Wu, Thomas. "The Secure Remote Password 
Protocol". November 11, 1997. Stanford University. pages 1- 
17) . 

As per claims 6-9, 11, 27-30, and 32, the applicant 
describes the method of claims 1 and 27, which are met by 
Vogelesang in view of Menezes, with the following limitation 
which is also met by Wu: 

Wherein the first secret S B is generated using a combining 
function f B on at least a first password P B and the first public 
key M B (Wu : page 7 ) . 

Vogelesang in view of Menezes teaches all the limitations 
of claim 1. However, Vogelesang in view of Menezes do not 
■ appear to teach that a secret may be generated from a combining 
function of a password and a public key. Wu teaches that a 
secret may be generated from a combining function of a password 
and a public key. It would have been obvious to one of ordinary 
skill in the art at the time the invention was filed to combine 
the ideas of Wu with those of Vogelesang in view of Menezes and 
* utilize a combining function to create a secret because doing so 
facilitates a secure generation of the secret. 
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As per claims 10 and 31, the applicant describes the method 
of claims 9 and 30, which are met by Vogelesang in view of 
Menezes in further view of Wu, with the following limitation: 

Wherein the one-way hash function is one of the Secure Hash 
Algorithm, the Message Digest 5, Snefru, Nippon Telephone and 
Telegraph Hash, and the Gosudarstvennyl Standard. 

Vogelesang in view of Menezes in further view of Wu teach 
all the limitations of claim 9. However, the combination 
appears to be silent as to what type of one-way hash function is 
employed. Examiner takes official notice that at least the 
Secure Hash Algorithm is common and known in the art. It would 
have been obvious to one of ordinary skill in the art to utilize 
the Secure Hash Algorithm because it is a common method of 
securely creating a hash. 

As per claims 14-16,25, and 33, the applicant describes the 
method of claim 1 and 24, which are met by Vogelesang in view of 
Menezes, with the following limitation which is met by Menezes: 

a) wherein encrypting the first random nonce N B includes 
superencrypting the first random nonce N B (Menezes: pages 234- 
237) ; 
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As per claim 41, the applicant describes the method of 
claim 40, which is met by Vogelesang in view of Menezes, with 
the following limitation which is also met by Vogelesang: 

Wherein the network is a network operating according to a 
hypertext transfer protocol and the first public key M B is 
transmitted for session key exchange before the encrypted second 
random number is received (Vogelesang: Col 1, lines 12-14; Col 
16, lines 25-67) . 

Claim 23 is rejected under 35 U.S.C. 103(a) as being 
unpatentable over Vogelesang in view of Menezes. 

As per claim 23, the applicant describes the system of 
claim 22, which is met by Vogelesang in view of Menezes, with 
the following limitation: 

A network operating according to a hypertext transfer 
protocol and the first public key M B is transmitted with the 
encrypted random nonce for session key exchange; 

Vogelesang in view of Menezes does not disclose 
transmitting the first public key M B with the encrypted random 
nonce. Applicant's failure to argue the previous official 
notice of the subject matter of claim 23 is taken as 
acquiescence that the subject matter of claim 23 is obvious (See 
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MPEP 2144.03). It would have been obvious to one of ordinary 
skill in the art at the time the invention was filed to transmit 
a key with a nonce because doing so is more efficient than 
having to make two separation transmissions for the key and the 
nonce . 

Response to Arguments 

6. Applicant's arguments filed 10/10/2006 have been fully 
considered but they are not persuasive. Applicant argues that 
Vogelesang in view of Menezes doe's not teach both the first 
session key and first secret being computed from the second 
public key and Wu fails to teach a combining function to 
generate a secret. 

With respect to Applicant's argument that Vogelesang in 
view of Menezes does not teach both the first session key and 
first secret being computed from the second public key because 
Menezes teaches that the two encryption keys are independent of 
each other and therefore cannot be computed from the same public 
key, Menezes does teach this fact in definition 7.29, but in 
definition 7.30 Menezes teaches that the keys need not be 
independent. Therefore the combination of Vogelesang and 
Menezes teaches both the first session key and first secret 
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being computed from the second public key as put forth in the 
above rejection. 

With respect to Applicant's argument that Wu fails to teach 
a combining function to generate a secret the combination of 
Vogelesang and Menezes teaches the generation of a secret, and 
Wu is relied upon for the teaching of a combining function used 
in a mutually authenticated key exchange algorithm. 
Furthermore, the combining function is used to generate B which 
is used to generate S and S is the secret so the combining 
function is used to generate a secret. 

Conclusion 

7. THIS ACTION IS MADE FINAL . Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action 
is set to expire THREE MONTHS from the mailing date of this 
action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action 
is not mailed until after the end of the THREE-MONTH shortened 
statutory period," then the shortened statutory period will 
expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated 
from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Michael 
Pyzocha whose telephone number is (571) 272-3875. The examiner 
can normally be reached on 7:00am - 4:30pm first Fridays of the 
bi-week off. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Emmanuel Moise can be 
reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-diirect.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free) . 
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